[Snort-users] Fallacies and lies.
Jason.Haar at ...294...
Wed Nov 5 15:11:07 EST 2003
I don't want to be seen to be standing up for Gartner - but one thing is
"They don't work at wire speeds. Most network-based IDS products don't detect
attacks in real time, and they can't handle the high speeds of internal
The last piece is correct - in a different context. If you want to start
pushing IDS "features" into your core INTERNAL network - then you really are
looking at IDS functionality within routers and switches - not extra boxes.
If you have 40 switches on your LAN - what would you prefer? 40 new IDS in
front of each, or switches that "do" IDS? What about the extra 70 Wireless
APs you have? You can't have them all sitting next to one IDS now can you...
Either switches add IDS functionality, or IDS needs to add switch
...or we all migrate to HIDS [that's where I think the future lies -
even IDS in switches can't handle IPSec]
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1